Skip to content Skip to footer

You’re being tracked through your email. Here’s how to stop it.

Cartoon image of a hacker sitting at a laptop across from an unsuspecting victim, also at a laptop.
Denis Novikov/Getty Images/iStockphoto

It’s time to turn off those secret email read receipts.

I subscribe to a lot of newsletters. I read most of them, too. But their authors wouldn’t know it because I’ve disabled the trackers that detect and tell the senders when subscribers open their emails. It’s nothing personal; I just don’t want anyone knowing what I read, when, how many times I read it, the device I read it on, and even where I was when I read it. How about you?

Oh, you didn’t know it was possible for email senders to know all of that about you just because you clicked open? It very much is, and it happens a lot — in newsletters and marketing emails especially. But trackers aren’t limited to them. Anyone can sneak a tracker into your email; services that do this are plentiful and free. If you’re the kind of person who turns off read receipts on texts and DMs, this is probably not good news to read.

While it’s creepy to think of your email reading habits being tracked, that’s not the only reason why you should consider taking a few extra steps to protect your email. Your email address has become one of your best and most persistent identifiers, and data brokers and marketers will match what you do with it in one place with what you’ve used it for in others. That helps them build an ever-more-comprehensive profile of your online (and offline) life. You might be fine with getting emails from the store you gave your address to, or even that store knowing whether you opened their emails. You might not be so fine with a bunch of other companies you have no relationship with knowing it, too. But that’s exactly what happens.

There’s also the security factor. Emails get leaked in data breaches all the time, and there’s a lot a determined hacker can do with your email address, especially since email addresses often double as logins. If a company doesn’t have your real email address, that’s one less thing you have to worry about getting out there if (or, really, when) that company gets hacked.

The good news is there are ways to better protect your email privacy. A new one just dropped: DuckDuckGo, the privacy-first search engine provider, just opened up its Email Protection service after a year of beta testing. Apple, Firefox, and Proton have similar offerings, each with its own pros and cons.

Here are a few services and ways to make your email more private and why you should consider using them. These aren’t the only companies offering these services, but they each have a reputation for protecting their users’ privacy. In some cases, that’s their mission statement.

Disguise your email address

One of the best ways to protect your email privacy is also one of the most obvious: Don’t give your email address out in the first place. But email addresses are valuable, so companies will do whatever they can to get them. Maybe they’ll require you to give them your email address if you want to order anything, or they’ll dangle a nice juicy discount in front of you in exchange for it.

One solution is to use a service that gives you an alias email address, which redirects messages to the inbox of your choice. That way, you can get all the emails (and coupons) in your real inbox without the senders knowing what your real address is.

Perhaps the best-known example of this is Apple’s “Hide My Email” feature. I use this, so I can tell you that it works as promised. I get unlimited aliases and use a different one everywhere. But, as seems to be the case with everything Apple, it works much better within the Apple ecosystem than it does outside of it. If you’re logged into your iCloud account, using an Apple device, going through Apple’s Safari browser, or using sign in with Apple, then Hide My Email will pop up as an option at email prompts. Creating and entering your fake email address is about as easy as entering your real one.

But if you’re using a non-Apple product or service, the process becomes significantly more time-consuming and annoying. Another drawback is that it costs money. You have to have an iCloud+ account, which starts at 99 cents a month and includes other things, like expanded cloud storage. So while Hide My Email is a good feature for some, it’s probably not the best option for all.

DuckDuckGo’s Email Protection makes it easy to create fake email addresses.

DuckDuckGo’s Email Protection, on the other hand, is free. And it’s available on most web browsers if you install DuckDuckGo’s extension, which you can get through DuckDuckGo’s site or your browser’s extension store (the notable exception being Safari, though DuckDuckGo says that’s in the works). After that, it’ll pop up automatically as an option whenever there’s an email prompt, similar to Hide My Mail. You get as many aliases as you want, set-up is simple, and it’s got a few other features that I’ll get into later.

There’s also Firefox Relay, which has a free and a paid option. The free one only gives you 5 aliases, while the paid tier has unlimited addresses. It’s 99 cents a month, though Firefox says that price point will only be available for a limited time. Also, the browser extension you’ll need to easily use Relay in email prompts isn’t available on all browsers. Finally, you have to have or create a Firefox account to use it. That’s easy enough to do, but it’s also an extra step you may not want to take when signing up for a service that’s supposed to help you avoid giving away your data while setting up accounts.

Finally, Proton — which is best known for its encrypted email service — now offers the ability to create alias email addresses with paid Proton Mail plans, which start at $3.99 a month. The cheapest option only gives you 10 aliases, though, so if you’re planning on using a different email for everything, that won’t be enough.

If you don’t want to bother with going through an alias service, you can always just create your own alternate account on whatever email provider you use and put that down for all the things you don’t want to give out your real email address for. It’ll reduce the amount of junk email you get in your real inbox, but if you use that one email address enough times in enough places, it’ll become just as much of an identifier of you as your real email address is.

Block those trackers

Whether you’re giving out your real email address or going through an alias, you may not want email senders to know if and when you read their messages. They can learn a lot about you just from that. This tracking happens through tiny little images — a pixel, basically — embedded in the email. When you open the email, it makes a call to the server the image is hosted on, which tells the tracking service that you opened the email, how many times you opened it, when you opened it, some info about the device you used to open it, and possibly even your IP address (many email providers have cut this off; Gmail, for instance, routes image requests through its servers, which masks your IP address).

Some of the same companies that offer email aliases also have tracker blocking services. Apple rolled out its tracker blocking feature, Mail Privacy Protection, last year with iOS15. The good news is Mail Privacy Protection is free and easy to enable — either you got a prompt the first time you opened Mail asking if you wanted to turn it on, or it’s a matter of finding it in your settings. The bad news is it only works in Apple’s Mail app.

Proton’s mail service enables tracker protection by default and is available with both its free and paid tiers. It’ll tell you which trackers it blocked and who they’re from, giving you a chance to sort of spy on the companies spying on you. But tracker protection is only available on Proton’s website. Proton says it’s coming to the mobile app soon.

DuckDuckGo’s Email Protection service is not tied to any one company or operating system. It detects and filters out trackers before they make their way to your (real) inbox. It also removes trackers from links with the emails, and it’ll let you know if an email contained trackers and who they’re from. Just to give you a sense of how pervasive these trackers are: DuckDuckGo says about 85 percent of the emails that passed through its new service during Email Protection’s beta phase contained trackers.

Firefox Relay’s free and premium tiers also remove trackers. Note that both DuckDuckGo and Firefox’s options only remove trackers from the emails that pass through them; that is, the emails coming through the alias emails you created with their services. They’re not removing trackers from emails that go directly to your real email address.

Finally, you can always go the DIY route by going into your email settings and making sure that you’ve chosen not to automatically download images. In Gmail, for instance, you can do this by going to Settings > General > Images > Ask before displaying external images. The downside of this method is that your emails might look like a sea of broken image icons, since you’re not just blocking trackers, you’re blocking all images hosted externally, even if they’re perfectly harmless.

A final note: While these services and techniques will surely protect your privacy to some extent, nothing is foolproof. If there’s any identifying information attached to your alias email address — maybe you set up an account using it and then order something to be delivered to your real physical address using your real name — it won’t be hard for a data broker to match it back to you. While tracker blockers are effective, there’s always a chance that marketers and the tracking services they use will come up with another way to track you through your emails. And then we’ll start the whole process of figuring out how to block those trackers all over again.

Leave a comment

0.0/5